Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 14.03.2018
Uruchomiony przez Amanda (administrator) AMANDA-KOMPUTER (25-03-2018 12:10:42)
Uruchomiony z C:\Users\Amanda\Downloads
Załadowane profile: Amanda (Dostępne profile: Amanda & Gość)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: Chrome)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(COMODO) C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Samsung Electronics Co., Ltd.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(COMODO) C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\memdefrag.exe
() C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2885432 2012-06-10] (Synaptics Incorporated)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\btvstack.exe [1023616 2012-05-30] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\athbttray.exe [801920 2012-05-30] (Atheros Commnucations)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2208448 2018-03-13] (COMODO)
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [4072376 2018-01-17] (COMODO)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-342036940-1713451959-184982914-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [43984 2018-03-16] (Glarysoft Ltd)
HKU\S-1-5-21-342036940-1713451959-184982914-1000\...\Run: [Glary Memory Optimizer] => C:\Program Files (x86)\Glary Utilities 5\memdefrag.exe [129488 2018-03-16] (Glarysoft Ltd)
HKU\S-1-5-21-342036940-1713451959-184982914-1000\...\Policies\system: [DisableLockWorkstation] 0
BootExecute: autocheck autochk *

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub
przywrócenie jego domyślnej postaci.) Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => Brak pliku Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => Brak pliku Tcpip\Parameters: [DhcpNameServer] 192.168.43.1 Tcpip\..\Interfaces\{6A427A05-AFB7-4E53-96AE-83F5ADEEDD18}: [DhcpNameServer] 192.168.43.1 Tcpip\..\Interfaces\{7054F6D4-DA1E-49E8-B87E-60B870C8638D}: [DhcpNameServer] 212.2.96.53 212.2.96.54 Tcpip\..\Interfaces\{C1FFA13C-E99B-4312-A5AE-029C1ED90E3F}: [DhcpNameServer] 212.2.96.51 212.2.96.52 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131157197025958731&GUID=0797C667-547E-4C5F-9C22-945969546D51 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-342036940-1713451959-184982914-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-342036940-1713451959-184982914-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131157197028158734&GUID=0797C667-547E-4C5F-9C22-945969546D51 SearchScopes: HKLM -> OldSearch URL = 
hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-342036940-1713451959-184982914-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKU\S-1-5-21-342036940-1713451959-184982914-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE BHO: Brak nazwy -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> Brak pliku BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-06-03] (Oracle Corporation) BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-05-30] (Atheros Commnucations) BHO-x32: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll => Brak pliku BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-06-03] (Oracle Corporation) BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.) Toolbar: HKU\S-1-5-21-342036940-1713451959-184982914-1000 -> Brak nazwy - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Brak pliku FireFox: ======== FF ProfilePath: C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\1ajjfibs.default-1452961869303 [2018-03-25] FF user.js: detected! => C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\1ajjfibs.default-1452961869303\user.js [2018-03-20] FF Extension: (Avast SafePrice) - C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\1ajjfibs.default-1452961869303\Extensions\sp@avast.com.xpi [2018-03-25] FF Extension: (Avast Online Security) - C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\1ajjfibs.default-1452961869303\Extensions\wrc@avast.com.xpi [2017-11-21] FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-07-21] [Przestarzałe] [Brak podpisu cyfrowego] FF HKU\S-1-5-21-342036940-1713451959-184982914-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_113.dll [2018-03-18] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> 
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-18] () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Users\Amanda\Desktop\Picasa3\npPicasa3.dll [Brak pliku] FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-04-18] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-04-18] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-06-03] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-06-03] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-21] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-21] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-12] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-342036940-1713451959-184982914-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Amanda\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2015-01-13] (Google Inc.) FF Plugin HKU\S-1-5-21-342036940-1713451959-184982914-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Amanda\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2015-01-13] (Google Inc.) 
Chrome: ======= CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/hm?eq=U0EeCFZVBB8SRggUeA4AWAxIQxhGeAkNTA0XQAEOeQgNVhQSEAZBJVoKVl8UGQwFIk0FA1oDB0VXfV5bFElXTwhvNVpTGHsDSFJLNA==" CHR StartupUrls: Default -> "hxxps://www.google.com/" CHR Profile: C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default [2018-03-25] CHR Extension: (Prezentacje) - C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-07] CHR Extension: (Dokumenty) - C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-07] CHR Extension: (Dysk Google) - C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-17] CHR Extension: (YouTube) - C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-17] CHR Extension: (Adblock Plus) - C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-03-20] CHR Extension: (Google Search) - C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-17] CHR Extension: (Avast SafePrice) - C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-03-20] CHR Extension: (Arkusze) - C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-07] CHR Extension: (Dokumenty Google offline) - C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16] CHR Extension: (AdBlock) - C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-03-20] CHR Extension: (Avast Online Security) - C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki 
[2018-03-20] CHR Extension: (Skype) - C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-19] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-11-07] CHR Extension: (Gmail) - C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-17] CHR Extension: (Chrome Media Router) - C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-20] CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx ==================== Usługi (filtrowane) ==================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.) R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [119424 2012-05-30] (Atheros Commnucations) [Brak podpisu cyfrowego] R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [11395096 2018-03-13] (COMODO) R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2876096 2018-03-13] (COMODO) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-10] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-10] (Dropbox, Inc.) R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2018-03-15] (Dropbox, Inc.) 
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2015-10-09] (Freemake) [Brak podpisu cyfrowego] R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] () R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [127320 2012-04-18] () R2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [1199544 2018-01-17] (COMODO) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [164184 2012-04-18] (Intel Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation) S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [Brak podpisu cyfrowego] S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation) S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2008-01-22] (Nero AG) S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [Brak podpisu cyfrowego] R2 SamsungDeviceConfigurationWinService; C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [31624 2012-02-13] () [Brak podpisu cyfrowego] R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3298600 2018-03-02] (Samsung Electronics Co., Ltd.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [327296 2012-05-30] (Atheros) [Brak podpisu cyfrowego] S2 Mobile Partner. RunOuc; C:\Users\Amanda\Desktop\internet\Mobile Partner\UpdateDog\ouc.exe [X] ===================== Sterowniki (filtrowane) ====================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. 
Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [32896 2012-03-20] (Advanced Micro Devices, Inc.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) <==== UWAGA (Brak ServiceDLL) S3 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [185096 2018-01-06] (AVAST Software) S3 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321512 2018-01-06] (AVAST Software) S3 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199448 2018-01-06] (AVAST Software) S3 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343768 2018-01-06] (AVAST Software) S3 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57696 2018-01-06] (AVAST Software) R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [149344 2018-01-06] (AVAST Software) S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46976 2018-01-06] (AVAST Software) R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84384 2018-01-06] (AVAST Software) S3 aswStm; C:\Windows\System32\drivers\aswStm.sys [204456 2018-01-06] (AVAST Software) S3 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [358672 2018-01-06] (AVAST Software) R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [34280 2018-01-31] (COMODO) R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [846624 2018-01-31] (COMODO) R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [59096 2018-01-31] (COMODO) R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [28424 2018-03-20] (Glarysoft Ltd) R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [123544 2018-01-31] (COMODO) R1 isedrv; C:\Windows\system32\drivers\isedrv.sys [50576 2018-01-17] (COMODO) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation) R1 MpKsl064c77e4; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{58B58211-BB72-48B2-9ECC-D70E7D6049FD}\MpKsl064c77e4.sys [58120 2018-03-23] (Microsoft Corporation) S3 NisDrv; 
C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation) U3 aswbdisk; Brak ImagePath S3 dbx; system32\DRIVERS\dbx.sys [X] S1 dfaphode; \??\C:\Windows\system32\drivers\dfaphode.sys [X] S1 ovxnibbx; \??\C:\Windows\system32\drivers\ovxnibbx.sys [X] S1 siczvyca; \??\C:\Windows\system32\drivers\siczvyca.sys [X] S1 wbublsvl; \??\C:\Windows\system32\drivers\wbublsvl.sys [X] ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2018-03-25 12:10 - 2018-03-25 12:10 - 000023210 _____ C:\Users\Amanda\Downloads\FRST.txt 2018-03-25 12:09 - 2018-03-25 12:10 - 000000000 ____D C:\FRST 2018-03-25 12:08 - 2018-03-25 12:09 - 002403328 _____ (Farbar) C:\Users\Amanda\Downloads\FRST64.exe 2018-03-25 12:08 - 2018-03-25 12:08 - 000003270 _____ C:\Windows\system32\Drivers\fvstore.dat 2018-03-25 12:07 - 2018-03-25 12:08 - 001764352 _____ (Farbar) C:\Users\Amanda\Downloads\FRST.exe 2018-03-25 12:01 - 2018-03-25 12:01 - 000602112 _____ (OldTimer Tools) C:\Users\Amanda\Downloads\OTL.exe 2018-03-25 11:59 - 2018-03-25 11:59 - 001688146 _____ ( ) C:\Users\Amanda\Downloads\OTL 3.2.70.2_2394429868.exe 2018-03-25 11:46 - 2018-03-25 11:46 - 000186880 _____ (CEXX.ORG) C:\Users\Amanda\Downloads\LSPFix.exe 2018-03-25 11:45 - 2018-03-25 11:45 - 000000000 ____D C:\Users\Amanda\Downloads\backups 2018-03-25 11:30 - 2018-03-25 11:30 - 000388608 _____ (Trend Micro Inc.) 
C:\Users\Amanda\Downloads\HijackThis.exe 2018-03-25 08:59 - 2018-03-25 09:06 - 041185407 _____ (KLCP ) C:\Users\Amanda\Downloads\K-Lite_Codec_Pack_1405_Full.exe 2018-03-23 01:16 - 2018-03-23 01:16 - 000000000 ___RD C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2018-03-23 01:11 - 2018-03-23 01:11 - 000000000 ____D C:\ProgramData\GlarySoft 2018-03-22 23:08 - 2018-03-25 12:05 - 000698816 _____ C:\Windows\system32\Drivers\sfi.dat 2018-03-22 23:08 - 2018-03-22 23:08 - 000000000 ____D C:\Windows\System32\Tasks\COMODO 2018-03-22 23:07 - 2018-03-22 23:07 - 000000000 ____D C:\Program Files\COMODO 2018-03-22 23:06 - 2018-03-22 23:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO 2018-03-22 23:06 - 2018-03-22 23:06 - 000000000 ____D C:\Program Files (x86)\COMODO 2018-03-22 23:06 - 2018-01-17 09:59 - 000255248 _____ (COMODO) C:\Windows\system32\iseguard64.dll 2018-03-22 23:06 - 2018-01-17 09:59 - 000205256 _____ (COMODO) C:\Windows\SysWOW64\iseguard32.dll 2018-03-22 23:06 - 2018-01-17 09:59 - 000050576 _____ (COMODO) C:\Windows\system32\Drivers\isedrv.sys 2018-03-22 22:56 - 2018-03-22 22:57 - 005546648 _____ (COMODO) C:\Users\Amanda\Downloads\cispremium_installer_10299_7b (1).exe 2018-03-22 22:42 - 2018-03-22 23:14 - 000000000 ____D C:\Users\Amanda\AppData\Local\FSDART 2018-03-22 22:41 - 2018-03-22 22:55 - 000000000 ____D C:\ProgramData\F-Secure 2018-03-22 22:41 - 2018-03-22 22:41 - 000000000 ____D C:\Users\Amanda\AppData\Local\F-Secure 2018-03-22 22:40 - 2018-03-22 22:40 - 000524248 _____ (F-Secure Corporation) C:\Users\Amanda\Downloads\F-SecureOnlineScanner.exe 2018-03-22 22:40 - 2018-03-22 22:40 - 000524248 _____ (F-Secure Corporation) C:\Users\Amanda\Downloads\F-SecureOnlineScanner (1).exe 2018-03-22 22:29 - 2018-03-22 22:30 - 003396099 _____ C:\Users\Amanda\Downloads\Niepotwierdzony 579830.crdownload 2018-03-22 22:27 - 2018-03-22 23:06 - 000000000 ____D C:\ProgramData\Comodo 2018-03-22 22:27 - 2018-03-22 
22:27 - 000000000 ____D C:\ProgramData\Shared Space 2018-03-22 22:27 - 2018-03-22 22:27 - 000000000 ____D C:\ProgramData\Comodo Downloader 2018-03-22 22:24 - 2018-03-22 22:25 - 005546648 _____ (COMODO) C:\Users\Amanda\Downloads\cispremium_installer_10299_7b.exe 2018-03-22 21:54 - 2018-03-22 21:57 - 000000050 _____ C:\Windows\system32\Null 2018-03-22 21:53 - 2018-03-22 21:53 - 000003465 _____ C:\Users\Amanda\Desktop\reset.bat 2018-03-22 21:50 - 2018-03-22 21:50 - 000003465 _____ C:\Users\Amanda\Downloads\reset.bat.txt 2018-03-22 21:32 - 2018-03-22 21:45 - 000000000 ____D C:\Windows\SoftwareDistribution.old 2018-03-22 21:32 - 2018-03-22 21:32 - 000003160 _____ C:\Windows\System32\Tasks\SidebarExecute 2018-03-22 21:32 - 2018-03-22 21:32 - 000000000 ____D C:\Windows\system32\oldcatroot2 2018-03-22 21:16 - 2018-03-22 21:16 - 000000207 _____ C:\Windows\tweaking.com-regbackup-AMANDA-KOMPUTER-Windows-7-Home-Premium-(64-bit).dat 2018-03-22 21:16 - 2018-03-22 21:16 - 000000000 ____D C:\RegBackup 2018-03-22 21:09 - 2018-03-22 21:09 - 000000000 ____D C:\Users\Amanda\Desktop\tweaking.com_windows_repair_aio (1) 2018-03-22 21:00 - 2018-03-22 21:06 - 037087936 _____ C:\Users\Amanda\Downloads\tweaking.com_windows_repair_aio (1).zip 2018-03-22 00:57 - 2018-03-22 00:57 - 000000000 ____D C:\ProgramData\Atheros 2018-03-21 23:24 - 2018-03-21 23:24 - 000000000 ____D C:\82bbcf39ff0e893b23bdda 2018-03-21 23:21 - 2018-03-21 23:21 - 000003542 _____ C:\Windows\System32\Tasks\SCCSpeedBoot 2018-03-21 23:21 - 2018-03-21 23:21 - 000003500 _____ C:\Windows\System32\Tasks\EasySpeedUpManager 2018-03-21 23:21 - 2018-03-21 23:21 - 000003446 _____ C:\Windows\System32\Tasks\SmartSetting 2018-03-21 23:21 - 2018-03-21 23:21 - 000003442 _____ C:\Windows\System32\Tasks\WLANStartup 2018-03-21 23:21 - 2018-03-21 23:21 - 000003392 _____ C:\Windows\System32\Tasks\MovieColorEnhancer 2018-03-21 23:21 - 2018-03-21 23:21 - 000003292 _____ C:\Windows\System32\Tasks\EasyBatteryManager 2018-03-21 23:21 - 2018-03-21 
23:21 - 000003210 _____ C:\Windows\System32\Tasks\EasyDisplayMgr 2018-03-21 23:21 - 2018-03-21 23:21 - 000001876 _____ C:\Users\Public\Desktop\Easy Settings.lnk 2018-03-21 23:21 - 2018-03-21 23:21 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SABI_01009.Wdf 2018-03-21 23:21 - 2011-09-22 15:39 - 000013824 _____ (SAMSUNG ELECTRONICS) C:\Windows\system32\Drivers\SABI.sys 2018-03-21 23:18 - 2018-03-21 23:18 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Program 2018-03-21 23:18 - 2018-03-21 23:18 - 000000000 ____D C:\Users\Amanda\AppData\Roaming\Atheros 2018-03-21 23:18 - 2018-03-21 23:18 - 000000000 ____D C:\Program Files (x86)\Bluetooth Suite 2018-03-21 21:32 - 2018-03-21 21:32 - 000000000 ____D C:\Program Files (x86)\UEFI WinFlash 2018-03-21 01:45 - 2018-03-21 01:45 - 000000000 ____D C:\Windows\system32\SRSLabs 2018-03-21 01:45 - 2012-06-12 23:00 - 000726160 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys 2018-03-21 01:45 - 2012-06-12 23:00 - 000074344 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll 2018-03-21 01:44 - 2012-08-10 19:06 - 004102928 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys 2018-03-21 01:44 - 2012-08-10 17:43 - 000330541 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT 2018-03-21 01:44 - 2012-08-10 12:58 - 005892608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat 2018-03-21 01:44 - 2012-08-06 16:44 - 001561744 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl 2018-03-21 01:44 - 2012-08-06 12:49 - 002743440 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll 2018-03-21 01:44 - 2012-08-01 19:29 - 000109200 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll 2018-03-21 01:44 - 2012-07-24 18:30 - 000606336 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll 2018-03-21 01:44 - 2012-07-20 15:41 - 000880784 _____ (Realtek Semiconductor Corp.) 
C:\Windows\system32\RtkApi64.dll 2018-03-21 01:44 - 2012-07-19 17:52 - 007598456 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll 2018-03-21 01:44 - 2012-07-19 17:52 - 002028920 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll 2018-03-21 01:44 - 2012-07-19 17:51 - 002080120 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll 2018-03-21 01:44 - 2012-07-19 17:51 - 000834936 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll 2018-03-21 01:44 - 2012-07-16 15:16 - 003643024 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll 2018-03-21 01:44 - 2012-07-15 22:13 - 000394616 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll 2018-03-21 01:44 - 2012-07-15 22:13 - 000394616 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll 2018-03-21 01:44 - 2012-07-02 16:39 - 001264272 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll 2018-03-21 01:44 - 2012-06-20 18:26 - 000110592 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll 2018-03-21 01:44 - 2012-06-15 12:20 - 007163784 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll 2018-03-21 01:44 - 2012-06-15 12:20 - 000433544 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll 2018-03-21 01:44 - 2012-06-15 12:20 - 000141192 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll 2018-03-21 01:44 - 2012-06-15 12:20 - 000123784 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll 2018-03-21 01:44 - 2012-06-15 12:20 - 000074632 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll 2018-03-21 01:44 - 2012-04-10 15:40 - 002533952 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll 2018-03-21 01:35 - 2018-03-21 01:35 - 000002996 _____ C:\Windows\System32\Tasks\SUPatchForW10Up 2018-03-20 21:46 - 2018-03-22 01:04 - 000002150 _____ C:\Windows\HotFixList.ini 2018-03-20 21:46 - 2018-03-20 21:46 - 000000000 ____D C:\687987d34691fe866e 2018-03-20 21:46 - 2009-09-17 
12:00 - 000345600 _____ (Samsung Electronics Co., Ltd.) C:\Windows\SetLCDStretchMode.exe
2018-03-20 21:30 - 2018-03-20 21:30 - 000000000 ____D C:\ProgramData\Synaptics
2018-03-20 21:26 - 2018-03-20 21:26 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2018-03-20 21:25 - 2018-03-20 21:25 - 000000000 ____D C:\Program Files\Synaptics
2018-03-20 21:23 - 2018-03-20 21:23 - 000000000 ____D C:\Users\Amanda\Downloads\Touchpad_16.1.1.0
2018-03-20 21:23 - 2012-04-08 18:18 - 000307984 _____ (Synaptics Incorporated) C:\Windows\system32\SynCtrl.dll
2018-03-20 21:23 - 2012-04-08 18:18 - 000249104 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynCtrl.dll
2018-03-20 21:23 - 2012-04-08 18:18 - 000150800 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPCo9.dll
2018-03-20 21:23 - 2012-04-08 18:18 - 000068880 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynTPEnhPS.dll
2018-03-20 21:23 - 2011-09-14 12:11 - 001048576 _____ C:\Windows\system32\syndata.bin
2018-03-20 21:20 - 2018-03-20 21:22 - 081325758 _____ C:\Users\Amanda\Downloads\Touchpad_16.1.1.0.ZIP
2018-03-20 02:32 - 2018-03-20 02:32 - 000000000 ____D C:\Users\Amanda\AppData\Local\Samsung
2018-03-20 02:26 - 2018-03-21 23:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2018-03-20 02:26 - 2018-03-21 23:21 - 000000000 ____D C:\Program Files (x86)\Samsung
2018-03-20 02:26 - 2018-03-20 02:26 - 000003042 _____ C:\Windows\System32\Tasks\SAgent
2018-03-20 02:26 - 2018-03-20 02:26 - 000000000 ____D C:\Program Files\Samsung
2018-03-20 02:25 - 2018-03-25 10:19 - 000000000 ____D C:\ProgramData\Samsung
2018-03-20 02:25 - 2018-03-20 02:25 - 000000000 ____D C:\Users\Amanda\Downloads\SamsungUpdate_2.2.9.40
2018-03-20 02:24 - 2018-03-20 02:24 - 026688367 _____ C:\Users\Amanda\Downloads\SamsungUpdate_2.2.9.40.ZIP
2018-03-20 02:16 - 2018-03-16 11:07 - 000035792 _____ (Glarysoft Ltd) C:\Windows\system32\RegBootDefrag.exe
2018-03-20 02:09 - 2018-03-23 01:17 - 000000000 ____D C:\Program Files (x86)\Glary Utilities 5
2018-03-20 02:09 - 2018-03-23 01:11 - 000000000 ____D C:\Users\Amanda\AppData\Roaming\GlarySoft
2018-03-20 02:09 - 2018-03-20 02:09 - 000028424 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2018-03-20 02:09 - 2018-03-20 02:09 - 000001092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2018-03-20 02:09 - 2018-03-20 02:09 - 000001080 _____ C:\Users\Public\Desktop\Glary Utilities 5.lnk
2018-03-20 02:09 - 2018-03-20 02:09 - 000000000 ____D C:\Users\Amanda\AppData\Roaming\DiskDefrag
2018-03-20 02:09 - 2018-03-20 02:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2018-03-20 02:08 - 2018-03-20 02:09 - 017167136 _____ (Glarysoft Ltd) C:\Users\Amanda\Downloads\gu5setup.exe
2018-03-20 01:34 - 2018-03-20 01:34 - 000033071 _____ C:\ComboFix.txt
2018-03-20 01:16 - 2011-06-26 08:45 - 000256000 _____ C:\Windows\PEV.exe
2018-03-20 01:16 - 2010-11-07 19:20 - 000208896 _____ C:\Windows\MBR.exe
2018-03-20 01:16 - 2009-04-20 06:56 - 000060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2018-03-20 01:16 - 2000-08-31 02:00 - 000518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2018-03-20 01:16 - 2000-08-31 02:00 - 000406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2018-03-20 01:16 - 2000-08-31 02:00 - 000098816 _____ C:\Windows\sed.exe
2018-03-20 01:16 - 2000-08-31 02:00 - 000080412 _____ C:\Windows\grep.exe
2018-03-20 01:16 - 2000-08-31 02:00 - 000068096 _____ C:\Windows\zip.exe
2018-03-20 01:15 - 2018-03-20 01:34 - 000000000 ____D C:\Qoobox
2018-03-20 01:15 - 2018-03-20 01:31 - 000000000 ____D C:\Windows\erdnt
2018-03-20 01:09 - 2018-03-22 21:43 - 000112400 _____ C:\Users\Amanda\AppData\Local\GDIPFONTCACHEV1.DAT
2018-03-20 01:07 - 2018-03-20 01:07 - 000000000 _____ C:\Windows\SysWOW64\config.nt
2018-03-20 01:03 - 2018-03-22 21:41 - 000422032 _____ C:\Windows\system32\FNTCACHE.DAT
2018-03-20 01:01 - 2018-03-20 01:01 - 008222496 _____ (Malwarebytes) C:\Users\Amanda\Downloads\AdwCleaner.exe
2018-03-20 01:00 - 2018-03-20 01:01 - 068724528 _____ (Malwarebytes ) C:\Users\Amanda\Downloads\mb3-setup-1878.1878-3.4.4.2398.exe
2018-03-20 01:00 - 2018-03-20 01:00 - 037087936 _____ C:\Users\Amanda\Downloads\tweaking.com_windows_repair_aio.zip
2018-03-20 01:00 - 2018-03-20 01:00 - 005659794 ____R (Swearware) C:\Users\Amanda\Downloads\ComboFix.exe
2018-03-20 00:59 - 2018-03-20 00:59 - 000326144 _____ (AVAST Software) C:\Users\Amanda\Downloads\aswclear.exe
2018-03-20 00:46 - 2018-03-20 00:46 - 000001034 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2018-03-20 00:46 - 2018-03-20 00:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2018-03-20 00:46 - 2018-03-20 00:46 - 000000000 ____D C:\Program Files\VS Revo Group
2018-03-20 00:45 - 2018-03-20 00:46 - 007189760 _____ (VS Revo Group ) C:\Users\Amanda\Downloads\revosetup.exe
2018-03-18 23:59 - 2018-03-18 23:59 - 003538571 _____ C:\Users\Amanda\Downloads\Koniec Świata - Jak mnie tu znalazłaś.mp3.part
2018-03-18 23:11 - 2018-03-22 22:34 - 000004580 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-03-18 22:55 - 2018-03-18 22:56 - 000000000 ____D C:\Users\Amanda\AppData\Roaming\booking-nativefier-b23a56
2018-03-18 22:51 - 2018-03-18 22:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-03-15 13:50 - 2018-03-15 13:50 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2018-03-15 13:50 - 2018-03-15 13:50 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2018-03-15 13:50 - 2018-03-15 13:50 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2018-03-15 13:50 - 2018-03-15 13:50 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2018-03-13 18:20 - 2018-03-13 18:20 - 000923720 _____ (COMODO) C:\Windows\system32\guard64.dll
2018-03-13 18:20 - 2018-03-13 18:20 - 000710168 _____ (COMODO) C:\Windows\SysWOW64\guard32.dll
2018-03-13 18:20 - 2018-03-13 18:20 - 000051808 _____ (COMODO) C:\Windows\system32\cmdcsr.dll
2018-03-13 18:18 - 2018-03-13 18:18 - 000467648 _____ (COMODO) C:\Windows\system32\cmdvrt64.dll
2018-03-13 18:16 - 2018-03-13 18:16 - 000371392 _____ (COMODO) C:\Windows\SysWOW64\cmdvrt32.dll

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2018-03-25 12:10 - 2017-12-22 10:18 - 000000000 ____D C:\Users\Amanda\Downloads\Nowy folder (3)
2018-03-25 12:10 - 2014-05-04 09:58 - 000000000 ____D C:\Users\Amanda\Downloads\Nowy folder
2018-03-25 11:56 - 2009-07-14 06:45 - 000018512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-25 11:56 - 2009-07-14 06:45 - 000018512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-25 11:42 - 2016-06-10 08:56 - 000001152 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2018-03-25 10:44 - 2017-12-22 10:07 - 000000000 ____D C:\Users\Amanda\AppData\LocalLow\Mozilla
2018-03-25 09:09 - 2016-01-17 13:01 - 000002230 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-25 09:09 - 2016-01-17 13:01 - 000002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-03-25 08:30 - 2016-06-10 08:56 - 000001148 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2018-03-25 08:30 - 2013-06-03 18:25 - 002042909 _____ C:\IFRToolLog.txt
2018-03-25 08:26 - 2009-10-25 05:01 - 000694910 _____ C:\Windows\system32\perfh015.dat
2018-03-25 08:26 - 2009-10-25 05:01 - 000139412 _____ C:\Windows\system32\perfc015.dat
2018-03-25 08:26 - 2009-07-14 07:13 - 001578778 _____ C:\Windows\system32\PerfStringBackup.INI
2018-03-25 08:26 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-03-25 08:24 - 2013-06-03 16:41 - 000000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2018-03-23 01:15 - 2013-06-03 16:41 - 000000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2018-03-23 01:15 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-22 22:36 - 2017-06-05 17:56 - 000003976 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1496678200
2018-03-22 22:35 - 2016-01-17 12:18 - 000002748 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-03-22 22:34 - 2017-06-05 17:51 - 000004174 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-03-22 22:34 - 2015-06-29 10:53 - 000004478 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-03-22 22:34 - 2015-05-28 10:08 - 000004414 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-03-22 21:30 - 2009-07-14 04:34 - 000000549 _____ C:\Windows\win.ini
2018-03-21 23:21 - 2013-06-03 16:36 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-03-21 23:18 - 2012-05-30 15:44 - 000246804 _____ C:\Windows\system32\Drivers\AtherosBt.bin
2018-03-21 23:18 - 2012-05-30 15:44 - 000004272 _____ C:\Windows\system32\Drivers\ramps_0x01020200_26.pst
2018-03-21 23:18 - 2012-05-30 15:44 - 000001926 _____ C:\Windows\system32\Drivers\ramps_0x31010000_40.dfu
2018-03-21 23:18 - 2012-05-30 15:44 - 000001796 _____ C:\Windows\system32\Drivers\ramps_0x11020000_40.dfu
2018-03-21 23:18 - 2012-05-30 15:44 - 000001442 _____ C:\Windows\system32\Drivers\ramps_0x01020201_26.pst
2018-03-21 23:18 - 2012-05-30 15:44 - 000001440 _____ C:\Windows\system32\Drivers\ramps_0x31010000_40_dc01.dfu
2018-03-21 23:18 - 2012-05-30 15:44 - 000001242 _____ C:\Windows\system32\Drivers\ramps_0x01020200_40_0x01.dfu
2018-03-21 23:18 - 2012-05-30 15:44 - 000001228 _____ C:\Windows\system32\Drivers\ramps_0x01020200_40_0x04.dfu
2018-03-21 23:18 - 2012-05-30 15:44 - 000001214 _____ C:\Windows\system32\Drivers\ramps_0x01020200_40_0x03.dfu
2018-03-21 23:18 - 2012-05-30 15:44 - 000001204 _____ C:\Windows\system32\Drivers\ramps_0x01020200_40_0x02.dfu
2018-03-21 23:18 - 2012-05-30 15:44 - 000001204 _____ C:\Windows\system32\Drivers\ramps_0x01020200_40.dfu
2018-03-21 23:18 - 2012-05-30 15:44 - 000001198 _____ C:\Windows\system32\Drivers\ramps_0x01020200_26.dfu
2018-03-21 23:18 - 2012-05-30 15:44 - 000001192 _____ C:\Windows\system32\Drivers\ramps_0x01020200_26_0x01.dfu
2018-03-21 23:18 - 2012-05-30 15:44 - 000000264 _____ C:\Windows\system32\Drivers\ramps_0x01020201_40.dfu
2018-03-21 23:18 - 2012-05-30 15:44 - 000000264 _____ C:\Windows\system32\Drivers\ramps_0x01020201_26.dfu
2018-03-21 01:46 - 2013-06-03 16:39 - 000000000 ____D C:\Program Files (x86)\Atheros
2018-03-21 01:45 - 2013-06-03 16:41 - 000000000 ___HD C:\Program Files (x86)\Temp
2018-03-21 01:45 - 2013-06-03 16:36 - 000000000 ____D C:\Program Files (x86)\Realtek
2018-03-21 01:44 - 2013-06-03 16:41 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
2018-03-20 21:27 - 2017-12-19 00:17 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-03-20 21:27 - 2013-06-03 20:19 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-03-20 02:16 - 2013-06-03 16:25 - 000000000 ____D C:\Users\Amanda
2018-03-20 02:16 - 2009-07-14 04:34 - 090963968 _____ C:\Windows\system32\config\software.gu.bak
2018-03-20 02:16 - 2009-07-14 04:34 - 025427968 _____ C:\Windows\system32\config\system.gu.bak
2018-03-20 02:16 - 2009-07-14 04:34 - 000524288 _____ C:\Windows\system32\config\default.gu.bak
2018-03-20 02:16 - 2009-07-14 04:34 - 000262144 _____ C:\Windows\system32\config\security.gu.bak
2018-03-20 02:16 - 2009-07-14 04:34 - 000262144 _____ C:\Windows\system32\config\sam.gu.bak
2018-03-20 02:13 - 2017-06-05 17:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2018-03-20 02:13 - 2014-06-06 21:50 - 000001027 _____ C:\Users\Public\Desktop\Mobile Partner.lnk
2018-03-20 01:59 - 2015-12-20 11:31 - 000000000 ____D C:\rei
2018-03-20 01:36 - 2013-06-09 07:59 - 000000000 ____D C:\Users\Amanda\AppData\Local\CrashDumps
2018-03-20 01:30 - 2009-07-14 04:34 - 000000215 _____ C:\Windows\system.ini
2018-03-20 01:29 - 2009-07-14 04:34 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts_bak_402
2018-03-20 01:26 - 2015-05-28 09:20 - 000000000 ____D C:\ProgramData\TEMP
2018-03-20 01:10 - 2013-08-13 11:31 - 000000000 ____D C:\Users\Amanda\AppData\Roaming\Skype
2018-03-20 01:07 - 2017-06-05 17:46 - 000000000 ____D C:\Program Files\AVAST Software
2018-03-20 01:03 - 2017-11-26 23:15 - 000000000 ____D C:\Program Files\Google
2018-03-20 01:03 - 2016-06-10 08:56 - 000000000 ____D C:\Program Files\ByteFence
2018-03-20 01:03 - 2013-06-03 21:41 - 000000000 ____D C:\Program Files (x86)\Google
2018-03-20 00:51 - 2013-06-03 21:41 - 000000000 ____D C:\Users\Amanda\AppData\Local\Google
2018-03-20 00:43 - 2014-01-16 20:26 - 000000000 ____D C:\Users\Amanda\AppData\Roaming\Media Player Classic
2018-03-20 00:42 - 2015-12-20 11:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2018-03-20 00:42 - 2014-06-06 21:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Partner
2018-03-20 00:42 - 2013-06-26 19:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plus Internet
2018-03-20 00:42 - 2013-06-06 18:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2018-03-20 00:42 - 2013-06-03 09:17 - 000000000 ____D C:\Windows\Panther
2018-03-20 00:42 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\ModemLogs
2018-03-18 23:11 - 2013-06-06 19:13 - 000804352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-03-18 23:11 - 2013-06-06 19:13 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-18 23:11 - 2013-06-06 19:13 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-03-18 23:11 - 2013-06-06 19:13 - 000000000 ____D C:\Windows\system32\Macromed
2018-03-18 22:51 - 2016-06-10 08:56 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-03-11 23:31 - 2017-05-05 14:52 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Pliki w katalogu głównym wybranych folderów =======

2014-06-01 22:08 - 2014-06-01 22:08 - 000000268 ___RH () C:\Users\Amanda\AppData\Roaming\Clean Electric Guitar
2014-06-01 22:09 - 2014-06-01 22:09 - 000000268 ___RH () C:\Users\Amanda\AppData\Roaming\Clips
2014-06-01 22:08 - 2014-06-01 22:08 - 000000268 ___RH () C:\Users\Amanda\AppData\Roaming\Cocoa
2013-12-19 16:24 - 2016-07-26 09:38 - 000000135 _____ () C:\Users\Amanda\AppData\Roaming\WB.CFG
2014-10-16 20:37 - 2015-11-07 11:39 - 000009216 _____ () C:\Users\Amanda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2018-03-20 23:09

==================== Koniec FRST.txt ============================